On 06/21/2012 09:53 PM, Arno Gaboury wrote:

Dear all,

as I was configuring a conky window on my desktop, I decided to add some precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.

Reading any /var/log file needs to be root, thus making difficult to run any home config file with read access to log files. My turnaround is to *$chown root:log /var/log* then *$usermod -aG log username*. Security wise, I do not know if this can bring serious potential breach in the system. If yes, please tell me as I will NOT let this turnaround in the WIKI. What would be a safer solution to read the log files in my conky window?

Regards.

Sorry, this mail was itended to [arch-general].

2012/6/21 Arno Gaboury <arnaud.gaboury@gmail.com>:

Dear all,

as I was configuring a conky window on my desktop, I decided to add some precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.

Reading any /var/log file needs to be root, thus making difficult to run any home config file with read access to log files. My turnaround is to *$chown root:log /var/log* then *$usermod -aG log username*. Security wise, I do not know if this can bring serious potential breach in the system. If yes, please tell me as I will NOT let this turnaround in the WIKI. What would be a safer solution to read the log files in my conky window?

Regards.

**

Hello, The default syslog-ng configuration is set up so that users in the group 'log' can read the files: # /etc/syslog-ng/syslog-ng.conf options { ... perm(0640); group("log"); }; If you're using something else, then you could try to configure it to do the same. I think that security-wise using a group for this is the perfect approach because you can control who exactly can access the logs. Csaba